Senior Staff, Data & AI Governance

What You'll Do

• Own and operate OpenLoop's AI governance program end-to-end — use-case intake, risk triage and scoring, the AI Use Case Register, issue tracking, and the AI Governance Council review cadence.
• Author and evolve OpenLoop's AI governance standard — the scoring rubric, risk taxonomy, and review framework — keeping it current with evolving AI risk frameworks and the U.S. regulatory landscape, including new federal executive orders and emerging state AI laws.
• Run intake and review to SLA: assess new AI use cases, document risk and regulatory exposure, set conditions of approval, and drive findings to closure.
• Prepare and lead AI Governance Council sessions — agenda, materials, and recommendations — so decisions get made, recorded, and acted on without escalation.
• Help stand up and then run OpenLoop's data governance program on the same model — the Data Governance Council, the data governance standard, the enterprise data classification scheme, and the data ownership and stewardship model.
• Measure adherence to the data governance standard across the operating teams, and report clearly where the organization is and is not meeting it.
• Partner with the teams that operate data day to day — Privacy, Data Security, Data Protection (DLP), Data Platform, and Data Engineering & Analytics — setting the standards they run against and measuring whether they're met.
• Govern the data that feeds AI systems as a priority slice of both programs — provenance, lineage, classification, and quality of training and inference data — so models are built on trustworthy, appropriately handled data.
• Assess AI vendor and model risk in partnership with Third-Party Risk, Security, and Legal — including standalone AI tools and AI features embedded in existing vendors.
• Maintain AI and data governance metrics, dashboards, and reporting. Translate AI and data risk posture into language the leadership team and board can act on.
• Support SOC 2, HITRUST, and HIPAA assurance activities related to AI and data governance controls.
• Use AI to run the program — automate your own governance workflows for intake, scoring, evidence gathering, and reporting, and keep improving them.

Requirements

• 5-7 years experience in GRC (governance, risk and compliance), with at least 2 years hands-on in AI/ML governance or AI risk management.
• Experience with AI and data governance, including oversight of data flows, and third-party risks.
• Experience with workflow automation, bringing specific hands-on experience with agentic tools like Claude Code.
• Experience with AI governance frameworks such as the NIST AI RMF, and the U.S. AI regulatory landscape, including new federal executive orders and emerging state AI laws.
• Experience building or operating an AI use-case intake, risk-scoring, and review process — registers, review boards, or AI governance councils.
• Working knowledge of a data governance operating model — classification, ownership and stewardship, lineage, and quality — ideally aligned to CDMC or DAMA-DMBOK.
• Proven experience standing up and running a data governance program.
• Ability to author governance standards and risk taxonomies, and measuring adherence.
• Experience with healthcare data, HIPAA, and PHI handling.
• Strong analytical and writing skills — you can build a rubric, score a use case, and produce executive-ready reporting.
• Experienced with being an autonomous team player, in a lean, fast-moving environment.

Nice-to-Haves

• AIGP (IAPP), ISO/IEC 42001 Lead Implementer, CIPP, CISA, or equivalent certifications.
• CDMC certification or hands-on experience standing up a data governance council, standard, or stewardship program.
• Experience supporting IPO readiness or SOC 2/HITRUST audit cycles.
• Experience governing third-party and embedded AI, and model risk.
• Familiarity with data lineage, classification, and catalog tooling.